Log4j 2.17.1 was released because a new vulnerability on RCE (Remote Code Execution) had been found in 2.17.0. (CVE-2021-4483)
According to The Apache Software Founndation, CVSS is 6.6 and the severity is moderate.
There is the risk when an attacker has the permission to modify the logging configuration file.
This post is based on the tweet by my company.